[Samba] Vulnerabilities reported by Qualys scan
Xu, Ying (Houston)
Ying.Xu at littonloan.com
Thu May 28 13:52:07 GMT 2009
Thanks for the reply. I have googled and tried different solutions
before posting here. I thought that someone may encounter the same
audit issues. I tried the workaround mentioned in the link, but it
didn't work. Samba needs an existing unix account.
Ying
________________________________
From: Frank Gruman [mailto:fgatwork at verizon.net]
Sent: Wednesday, May 27, 2009 10:27 PM
To: Xu, Ying (Houston)
Cc: samba at lists.samba.org
Subject: RE: [Samba] Vulnerabilities reported by Qualys scan
On Wed, 2009-05-27 at 10:41 -0500, Xu, Ying (Houston) wrote:
Did anyone encounter this kind of audit issue at all?
Thanks
Ying
-----Original Message-----
From: samba-bounces+ying.xu=littonloan.com at lists.samba.org
[mailto:samba-bounces+ying.xu=littonloan.com at lists.samba.org] On Behalf Of Xu, Ying (Houston)
Sent: Friday, May 22, 2009 11:01 AM
To: samba at lists.samba.org
Subject: [Samba] Vulnerabilities reported by Qualys scan
We are running samba services on several solaris10 servers for the users
that need to read reports/logs on their windows workstation. The shares
are shared read-only and allowed guest account since most of the users do
not have unix accounts. Our company recently started Qualys scan on all
servers, and we need to address the vulnerabilities reported. We are
getting the following vulnerabilities regarding the samba services:
Remote User List Disclosure Using NetBIOS (CVE-2000-1200)
Null Session/Password NetBIOS Access (CVE-1999-0519)
Is there any way to address this besides disabling the guest account?
Thanks
Ying Xu <yxu at littonloan.com>
Unix Group
I used to run into security scans and mitigation requirements all the
time. From a variety of scan tools...
A _VERY_ brief Google search (CVE-2000-1200 samba) led me to
http://www.rapid7.com/vulndb/lookup/cifs-nt-0002 where you can find
instructions on mitigating that issue (there are Windows sections, a
Samba section, and a Novell section - just scroll). The second issue
was also found with a similar search and results -
http://www.rapid7.com/vulndb/lookup/cifs-nt-0001.
I have typically found that these scan tools will give you a general
idea of how to mitigate these issues (perhaps Windows-centric in this
case) but still a hint nonetheless. Even Qualys gives you that much.
Regards,
Frank